The file command is used to identify a particular file according to thetype of data contained by the file.

The fix for CVE-2007-1536 introduced a new integer underflow flaw in thefile utility. An attacker could create a carefully crafted file which, ifexamined by a victim using the file utility, could lead to arbitrary codeexecution. (CVE-2007-2799)

This issue did not affect the version of the file utility distributed withRed Hat Enterprise Linux 2.1 or 3.

Users should upgrade to this erratum package, which contain a backportedpatch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available athttp://kbase.redhat.com/faq/FAQ_58_10188